May 10, 2013

A vulnerability in Internet Explorer 8 has been confirmed that allows malware to infect a computer simply by visiting, or clicking an email link to, an infected website.

There is currently no patch available. The vulnerability can be exploited by a simple drive-by attack which will allow adversaries to install malware on your computer without any user action necessary. This means you could be infected simply by visiting a legitimate website that has been compromised and hosting the malicious code. The vulnerability was already leveraged in a targeted attack on the U.S. Department of Labor.

1. We recommend that all users stop using the Internet Explorer 8 Web browser immediately.

If you're running Windows Vista or newer, simply upgrade Internet Explorer to version 9 or 10 and you'll be safe from this vulnerability, as it's only been reported to work on version 8.

If you're running Windows XP or older, use an alternative Web browser such as Firefox, Chrome or Opera as newer versions of Internet Explorer are not presently available. You should also consider upgrading to a newer operating system as soon as possible, as Microsoft plans to drop support for Windows XP next April.

We'll let you know as soon as Microsoft releases a patch for this issue. Here are some relevant links for additional information: